Previous 1 2 3 4 5 Next 99 Replies Latest reply: Jul 17, 2011 2:43 PM by R C-R Go to original post Branched to a new discussion.
  • Linc Davis Level 10 Level 10 (165,260 points)

    I wonder if this means Apple will be releasing a version 1.1 of this update?

     

    I'm pretty sure there is a problem with the updater. But unless you have a screaming need for the MRT, I wouldn't worry too much. The next maintenance update will include it.

  • laverne's mom Level 2 Level 2 (395 points)

    mine is a imac 21" 3.06 GHz Intel Core 2 Duo, not a MBP. 

     

    laverne's mom

  • R C-R Level 6 Level 6 (16,605 points)

    But have you noticed any problems with high CPU activity after the update? If not, you aren't among the affected.

  • ryanmoffett1 Level 1 Level 1 (0 points)

    Good point.   Since I'm affected, here are my system details:

     

    Model Name:          MacBook Pro

    Model Identifier:          MacBookPro5,3

    Processor Name:          Intel Core 2 Duo

    Processor Speed:          2.66 GHz

    System Version:          Mac OS X 10.6.7 (10J869)

    Kernel Version:          Darwin 10.7.0

     

     

    From what I've seen in the thread, deleting the .plist files gets rid of the symptom because it prevents launchd from being able to run these 2 processes.   That's not a good long term solution as it appears to disable MRT.   If you do this and you reboot and notice that CPU utilization is normal and don't see any MRT or MRTAgent.app processes running, you will need to re-install the manual download.   I did this and as soon as I did, I had MRT running again and failing every couple of seconds with high CPU utilization to go along with it.

     

    Now, at one point, I tried to figure out what is causing these 'Error: SMJobRemove: The operation couldn’t be completed. (kSMErrorDomainFramework error 4 - There was an error in the Authorization subsystem.)' messages.   I ran /usr/libexec/MRT by hand and it complained that it couldn't move it to /var/tmp due to permissions...which made sense, so I ran it by hand via 'sudo' and it seemed to work successfully and I noticed that MRT was no longer trying to run over and over again.   I rebooted and MRT wasn't trying to run nor failing to run.   I decided to see if this was reproducible so I re-installed the update, got back into the state where MRT was failing over and over again and manually ran /usr/libexec/MRT by hand again and it gives me the 'Error: SMJobRemove' message again.  

  • laverne's mom Level 2 Level 2 (395 points)

    Thank you.  No I haven't.  Just have gotten a little more on the cautious side this month.  Should get back to my normal levels of caution soon I hope.

     

    laverne's mom

     

  • powerbook1701 Level 3 Level 3 (565 points)

    On two differnt MBP's (a 2008 and a 2010), installed Security Update 2011-003 via SU and do not see the MRT in the path provided.

    My question is "should" it have been regardless, or is this something that only should have been installed if the installer determined that the trojan was present on the machine during this installation process, then installed the MRT app to deal with it.  If the installer did not find the trojan, it did not install. Is this maybe why some are seeing it and some not?  Or maybe something prevented it from clearing itself after the initial run.

     

    If it should have been installed regardless, and the standalone version differed from the software update version (but should have been the same), then we will most likely see a version 1.1 of Security Update 2011-003.

  • MadMacs0 Level 5 Level 5 (4,590 points)

    R C-R wrote:

     

    there are references to MRT in private/var/log/install log shown in Console. One is to "Begin script: loadMRT" & it shows to errors, "Error unloading: com.apple.mrt.uiagent," & "Error unloading: com.apple.mrt." That is followed by "End script: loadMRT."

     

    Note that errors like the above don't necessarily mean anything is wrong...

    Yes, there is a postinstall action script called loadMRT that simply unloads and then loads the LaunchAgent com.apple.mrt.uiagent and does the same thing for LaunchDaemon com.apple.mrt.  The unloads will always fail the first time as they were never launched.  That comes in to play when you update any of these components.

     

    Also note that there should be a unix executable "MRT" in /usr/libexec/ that is part of this system.

  • thomas_r. Level 7 Level 7 (30,405 points)

    Okay, here's what I've learned from an associate who took a closer look.  Apparently, it will always be installed and launched at the time of the installation.  It will run for several minutes, and may use a fair portion of the CPU, but will then delete itself.  (I can now verify that, although I had MRTAgent earlier, it's gone again.)

     

    So, if you're having problems with it running for an extended period, and you are 100% certain that you don't have a MacDefender trojan variant installed, then you've got something wrong somewhere.  You may want to try reinstalling the update manually.

  • ryanmoffett1 Level 1 Level 1 (0 points)

    I was able to reproduce what looks like a 'fix/kludge'.   I'll let the collective body here decide :-)

     

    As I was saying earlier, I had tried to run MRT by hand via Terminal and when I did that via 'sudo' I thought the problem had gone away but I had no explanation as to why.   I tried to reproduce it and couldn't.  

     

    However, I remembered when I was trying to determine why MRT was running for high CPU for a few seconds and abruptly terminating, I took a process sample from Activity Monitor.   When I did this again, then subsequently tried to run MRT by hand, I get:

     

    rymoffet-mac:~ rymoffet$ /usr/libexec/MRT

    2011-06-01 14:00:56.018 MRT[2710:903] Error: Couldn't move /usr/libexec/MRT to /var/folders/Kr/KrssdC05GGmgfZmTpqcGtE+++TI/-Tmp-/MRT: Permission denied

    rymoffet-mac:~ rymoffet$ sudo /usr/libexec/MRT

    2011-06-01 14:02:44.113 MRT[2730:e07] Error: SMJobRemove: The operation couldn’t be completed. (kSMErrorDomainLaunchd error 6 - The specified job could not be found.)

    2011-06-01 14:02:44.119 MRT[2730:e07] Error: SMJobRemove: The operation couldn’t be completed. (kSMErrorDomainLaunchd error 6 - The specified job could not be found.)

    rymoffet-mac:~ rymoffet$ sudo /usr/libexec/MRT

    Password:

    sudo: /usr/libexec/MRT: command not found

     

    So, it looks like it didn't successfully run to completion, but it fails in a different way here on SMJobRemove (which I have no way of knowing would be expected or not), but it also then removed /usr/libexec/MRT, /System/Library/CoreServices/MRTAgent.app and the associated .plist files for these under /System/Library/LaunchDaemons and /System/Library/LaunchAgents as was indicated would happen when it runs to completion.  

     

    Again, the step to get to this state was to catch MRT as it was briefly running in Activity Monitor and perform a 'Sample Process' while it was running.  Then running the MRT command by hand.   I have no clue whatsoever as to why this does this, but it does and I've now reproduced this 3 times.

     



     


  • R C-R Level 6 Level 6 (16,605 points)

    Thomas A Reed wrote:

    You may want to try reinstalling the update manually.

    Before doing that, it might be a good idea to run Disk Utility's two checks (disk & permissions, in that order) to make sure the file system & permissions settings are OK. Permissions issues are unlikely to be the problem -- the installer usually stops with a report of a problem if they are -- but it can't hurt to run that as long as Disk Utility is already open.

     

    Reported problems from a Verify Disk check are more serious. Even if running the Disk Repair step (which must be done from another volume like your installer DVD) fixes any discovered problems, it does not repair any damage already done to existing files. (It fixes the file system to prevent new damage from occurring, but that is all it can do.)

     

    Depending on what is damaged, it may be necessary to reinstall the OS, or if the damage is confined to files the Combo update replaces then downloading & installing that may be enough.

  • Linc Davis Level 10 Level 10 (165,260 points)

    It will run for several minutes, and may use a fair portion of the CPU, but will then delete itself.

     

    I thought of that, but dismissed it as absurd. What's the point of installing files into several standard locations, only to delete them a few minutes later? Bizarre.

  • R C-R Level 6 Level 6 (16,605 points)

    MadMacs0 wrote:

    Also note that there should be a unix executable "MRT" in /usr/libexec/ that is part of this system.

    I don't have any file of that name in /usr/libexec/.

  • thomas_r. Level 7 Level 7 (30,405 points)

    I guess the idea is that, once it has run, it's known your machine doesn't already have a MacDefender variant on it, and after it runs the other things should keep it away.  It's apparently a tool just for removing the infection and is unneeded once that task is complete.

  • MadMacs0 Level 5 Level 5 (4,590 points)

    R C-R wrote:

     

    MadMacs0 wrote:

    Also note that there should be a unix executable "MRT" in /usr/libexec/ that is part of this system.

    I don't have any file of that name in /usr/libexec/.

    Others have confirmed that this is also deleted upon completion of the task, along with the LaunchAgent and LaunchDaemon entries that were installed in support of the "removal" process.

  • R C-R Level 6 Level 6 (16,605 points)

    Linc Davis wrote:

    What's the point of installing files into several standard locations, only to delete them a few minutes later? Bizarre.

    It isn't bizarre; it is one of the ways clean up is done after restarts.

Previous 1 2 3 4 5 Next